Hi Craig, The scan could be started by someone on the Inet, whether you have or not a static IP. It always happens. The default port of Squid is 3128. Its interesting to put your firewall to log these not allowed connections, so you'll see from where these connections are generated. The portscanning is the first action to a possible attack... Portscanning let the intruder know something more about your system... If you have some dangerous process running on any port, the portscan will show that, unless its blocked by your firewall. So the intruder has the capability to DoS or penetrating your system.
[]'s Edilson ------------- Original message follows ------------- Hello Everyone. I'v been noticeing in my snort logs a lot of Squid Proxy attemts. My box is setup as a firewall/gateway for one of my friends but i dont think that hes causing them (unless hes capable of spoofing what NIC they come in on)I was wondering what could be causing the scans? and what port Squid proxy uses? And also what kind of danger do these scans present to the secruity of my computer? Thanks Craig ___________________________________________________ Edilson Osorio Junior 4Solutions Informática Divisão NetHawk - Consultoria e Segurança de Redes
